Police around the country have drastically increased their use of geofence warrants, a widely criticized investigative technique that collects data from any user’s device that was in a specified area within a certain time range, according to new figures shared by Google. Law enforcement has served geofence warrants to Google since 2016, but the company has detailed for the first time exactly how many it receives.

The report shows that requests have spiked dramatically in the past three years, rising as much as tenfold in some states. In California, law enforcement made 1,909 requests in 2020, compared to 209 in 2018. Similarly, geofence warrants in Florida leaped from 81 requests in 2018 to more than 800 last year. In Ohio, requests rose from seven to 400 in that same time.

Across all 50 states, geofence requests to Google increased from 941 in 2018 to 11,033 in 2020 and now make up more than 25 percent of all data requests the company receives from law enforcement.

A single geofence request could include data from hundreds of bystanders. In 2019, a single warrant in connection with an arson resulted in nearly 1,500 device identifiers being sent to the Bureau of Alcohol, Tobacco, Firearms, and Explosives. Dozens of civil liberties groups and privacy advocates have called for banning the technique, arguing it violates Fourth Amendment protections against unreasonable searches, particularly for protesters. Now, Google’s transparency report has revealed the scale at which people nationwide may have faced the same violation.

“There’s always collateral damage,” says Jake Laperruque, senior policy counsel for the Constitution Project at the nonprofit Project on Government Oversight. Because of their inherently wide scope, geofence warrants can give police access to location data from people who have no connection to criminal activities.

“We vigorously protect the privacy of our users while supporting the important work of law enforcement,” Google said in a statement to WIRED. “We developed a process specifically for these requests that is designed to honor our legal obligations while narrowing the scope of data disclosed.”

Just this week, Forbes revealed that Google granted police in Kenosha, Wisconsin, access to user data from bystanders who were near a library and a museum that was set on fire last August, during the protests that followed the murder of George Floyd. Google handed over the “GPS coordinates and data, device data, device IDs,” and time stamps for anyone at the library for a period of two hours; at the museum, for 25 minutes. Similarly, Minneapolis police requested Google user data from anyone “within the geographical region” of a suspected burglary at an AutoZone store last year, two days after protests began.

Laperruque argues that geofence warrants could have a “chilling effect,” as people forgo their right to protest because they fear being targeted by surveillance. Just this week, Kenosha lawmakers debated a bill that would make attending a “riot” a felony. Critics noted that such a bill could penalize anyone attending peaceful demonstrations that, because of someone else’s actions, become violent. Similarly, geofence data could be used as evidence of guilt not just by being loosely associated with someone else in a crowd but by simply being there in the first place.

Geofence warrants work differently from typical search warrants. Usually, officers identify a suspect or person of interest, then obtain a warrant from a judge to search the person’s home or belongings.

With geofence warrants, police start with the time and location that a suspected crime took place, then request data from Google for the devices surrounding that location at that time, usually within a one- to two-hour window. If Google complies, it will supply a list of anonymized data about the devices in the area: GPS coordinates, the time stamps of when they were in the area, and an anonymized identifier, known as a reverse location obfuscation identifier, or RLOI.